摘要
针对目前SQL注入攻击检测手段单一化,不能做网站全面自动分析的问题,构建一种SQL注入的自动化检测框架。在分析SQL注入的基本原理及常见攻击方式基础上,设计了自动注入攻击工具总体框架,以及2条识别和抓取目标Web系统的链接。测试结果表明:该工具能够自动扫描识别2种以上类型的SQL注入攻击,并可对数据库进行攻击检测。该工具还可以进行进一步拓展,以满足灵活的SQL注入变形攻击的需求。
The detection mean of SQL injection attack is single and it can't carry out website automatic analysis, establish SQL injection automatic detection framework. Based on analyzing SQL injection basic principle and attack means, design automatic attack injection tool general framework, and 2 diagnosis and catching target Web system linkages. The test results show that the tool can automatically scanning more than 2 SQL injection attack types, then carry out attack detection for database. The tool can be further expanding for requirements of SQL flexible injection deformation attack.
出处
《兵工自动化》
2015年第8期45-48,共4页
Ordnance Industry Automation
关键词
SQL注入
安全性
攻击
自动检测
SQL injection
security
attack
automatic detection